
Zend Framework 2 - BjyAuthorize 403 Forbidden

Stack Overflow user
Asked 2014-08-20 20:14:06
Answers: 1 | Views: 1.1K | Followers: 0 | Votes: 0

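When I install ZfcUser, authorization with the ZfcUser module works correctly, but when I access any other module, e.g. the Application module, I get the following:

403 Forbidden: you are not allowed to access home.

In module.bjyauthorize.global I use the following:
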
<?php

return array(
    'bjyauthorize' => array(

        // set the 'guest' role as default (must be defined in a role provider)
        'default_role' => 'guest',

        /* this module uses a meta-role that inherits from any roles that should
         * be applied to the active user. the identity provider tells us which
         * roles the "identity role" should inherit from.
         *
         * for ZfcUser, this will be your default identity provider
         */
        'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',

        /* role providers simply provide a list of roles that should be inserted
         * into the Zend\Acl instance. the module comes with two providers, one
         * to specify roles in a config file and one to load roles using a
         * Zend\Db adapter.
         */
        'role_providers' => array(

            /* here, 'guest' and 'user are defined as top-level roles, with
             * 'admin' inheriting from user
             */
            'BjyAuthorize\Provider\Role\Config' => array(
                'guest' => array(),
                'user'  => array('children' => array(
                    'admin' => array(),
                )),
            ),

            // this will load roles from the user_role table in a database
            // format: user_role(role_id(varchar), parent(varchar))
            'BjyAuthorize\Provider\Role\ZendDb' => array(
                'table'             => 'user_role',
                'role_id_field'     => 'role_id',
                'parent_role_field' => 'parent',
            ),
        ),

        // resource providers provide a list of resources that will be tracked
        // in the ACL. like roles, they can be hierarchical
        'resource_providers' => array(
            'BjyAuthorize\Provider\Resource\Config' => array(
                'admin' => array(),
                //'pants' => array(),
            ),
        ),

        /* rules can be specified here with the format:
         * array(roles (array), resource, [privilege (array|string), assertion])
         * assertions will be loaded using the service manager and must implement
         * Zend\Acl\Assertion\AssertionInterface.
         * *if you use assertions, define them using the service manager!*
         */
        'rule_providers' => array(
            'BjyAuthorize\Provider\Rule\Config' => array(
                'allow' => array(
                    // allow guests and users (and admins, through inheritance)
                    // the "wear" privilege on the resource "pants"
                    //array(array('guest', 'user'), 'wear', 'pants'),
                    array(array('admin'), 'admin'),
                ),

                // Don't mix allow/deny rules if you are using role inheritance.
                // There are some weird bugs.
                'deny' => array(
                    // ...
                ),
            ),
        ),

        /* Currently, only controller and route guards exist
         */
        'guards' => array(
            /* If this guard is specified here (i.e. it is enabled), it will block
             * access to all controllers and actions unless they are specified here.
             * You may omit the 'action' index to allow access to the entire controller
             */
            'BjyAuthorize\Guard\Controller' => array(
            array('controller' => 'zfcuser', 'roles' => array()),
            //backend
            array('controller' => 'Application\Controller\Index','roles' => array('guest','user','admin')),
            array('controller' => 'Admin\Controller\Annonces', 'roles' => array('guest')),
            array('controller' => 'Annonces\Controller\Annonces', 'roles' => array('guest','user','admin')),

        ),

        'BjyAuthorize\Guard\Route' => array(
            //array('route' => 'annonces', 'roles' => array('guest')),
            array('route' => 'zfcuser', 'roles' => array('user')),
            array('route' => 'zfcuser/logout', 'roles' => array('user')),
            array('route' => 'zfcuser/login', 'roles' => array('guest')),
            array('route' => 'zfcuser/register', 'roles' => array('guest')),                
            array('route' => 'index', 'roles' => array('guest','user')),
            array('route' => 'annonce', 'roles' => array('guest','user','admin')),
            array('route' => 'annonces', 'roles' => array('guest','user','admin')),
        ),
        ),
    ),

);

1 Answer

Stack Overflow user

Answered 2014-08-22 12:13:19

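First, you need to choose an ACL strategy. The provided configuration file shows all of the available options, but that does not mean you should use all of them.

For role_providers, you should use either a db connection or a specified array. Mine looks like the following (if you are using Doctrine) -
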
'role_providers' => array(
    'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' => array(
        'object_manager' => 'doctrine.entitymanager.orm_default',
        'role_entity_class' => 'User\Entity\Role',
    ),
),

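For simple applications, you do not need to specify rule_providers and resource_providers. I tend to specify them when I use them for menus.

I noticed that you are using two guards. You should use only one guard, either a route guard or a controller guard. I personally tend to use the controller guard more, because you can have multiple routes for one controller. An example of a controller guard is as follows -
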
return array(
    // ...
    'guards' => array(
        'BjyAuthorize\Guard\Controller' => array(
            array(
                 'controller' => 'zfcuser',
                 'action' => array(
                     'index', // for indexAction
                 ),
                 'roles' => array(
                     'guest',
                     'user',
                 ),
             ),
             array(
                 'controller' => 'zfcuser',
                 'action' => array(
                     'login', // for loginAction
                     'authenticate', 
                 ),
                 'roles' => array(
                     'guest',
                 ),
             ),
             array(
                 'controller' => 'zfcuser',
                 'action' => array(
                     'changepassword',
                     'changeemail',
                     'logout',
                 ),
                 'roles' => array(
                     'user',
                 ),
             ),
             // ...
        ),
    ),
);

I also strongly recommend that you read through this tutorial -

http://samminds.com/2013/03/zfcuser-bjyauthorize-and-doctrine-working-together/

Although the tutorial uses Doctrine, the concepts apply to Zend/DB

Votes: 0
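
The guard comment in the question's config states that an enabled guard blocks everything not listed in it. The following added example (not code from the post or from BjyAuthorize) is a simplified model of that default-deny matching, which lets you audit a `guards` array against your routes before deploying it. It assumes every enabled guard must allow the request, matches role names literally without inheritance, and uses a constructed route map in which the route name `home` is an assumption; `deniedBy` is a hypothetical helper.

```php
<?php
// Added example: simplified model of default-deny guard matching.
// deniedBy() is a hypothetical helper, not part of BjyAuthorize.

/** Return the enabled guards that would deny $role for this route/controller. */
function deniedBy(array $guards, string $role, string $route, string $controller): array
{
    $checks = array(
        'BjyAuthorize\Guard\Route'      => array('route', $route),
        'BjyAuthorize\Guard\Controller' => array('controller', $controller),
    );
    $denied = array();
    foreach ($checks as $guard => list($key, $name)) {
        if (!isset($guards[$guard])) {
            continue; // guard not enabled, so it cannot deny
        }
        $allowed = false;
        foreach ($guards[$guard] as $rule) {
            // Literal role match only; role inheritance is not modelled here.
            if ($rule[$key] === $name && in_array($role, $rule['roles'], true)) {
                $allowed = true;
                break;
            }
        }
        if (!$allowed) {
            $denied[] = "$guard ($key '$name' not listed for role '$role')";
        }
    }
    return $denied;
}

// Guard entries copied from the question's config (subset).
$guards = array(
    'BjyAuthorize\Guard\Controller' => array(
        array('controller' => 'Application\Controller\Index', 'roles' => array('guest', 'user', 'admin')),
        array('controller' => 'Annonces\Controller\Annonces', 'roles' => array('guest', 'user', 'admin')),
    ),
    'BjyAuthorize\Guard\Route' => array(
        array('route' => 'index', 'roles' => array('guest', 'user')),
        array('route' => 'annonces', 'roles' => array('guest', 'user', 'admin')),
    ),
);
// Constructed route map (assumption): route name => controller it dispatches to.
$routes = array(
    'home'     => 'Application\Controller\Index',
    'annonces' => 'Annonces\Controller\Annonces',
);
foreach ($routes as $route => $controller) {
    $denied = deniedBy($guards, 'guest', $route, $controller);
    echo $route, ': ', $denied ? '403 - ' . implode('; ', $denied) : 'allowed', "\n";
}
```

Replace `$routes` with the route names your application actually registers; any route reported here as denied needs an explicit entry in each enabled guard.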
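The original page content is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: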

https://stackoverflow.com/questions/25413634